valter Posted July 30, 2008 Posted July 30, 2008 (edited) För ett par dagar sen började min Vista maskin bete sig lite konstigt. Det funkar bra att surfa på nätet och sånt, men så fort jag försöker öppna upp en fil eller en mapp på datorn, så försvinner aktivitetsfältet, och kommer allt som oftast inte tillbaka. Då får man logga ut, för att sen logga in igen. Vid nästa försök att kolla i mappar så upprepas proceduren. Har nu kört virusrensning med Avast, avinstallerat en massa onödigt trams, och tömt papperskorgen. Kört med CCleaner och Ad-Aware, men ingen skillnad i datorns sätt att bete sig. Har nu kollat maskinen med HijackThis, här är resultatet: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:19:43, on 2008-07-31 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:Windowssystem32taskeng.exe C:Windowssystem32Dwm.exe C:WindowsExplorer.EXE C:Program FilesAlwil SoftwareAvast4ashDisp.exe C:Program FilesLaunch ManagerLManager.exe C:Program FilesCOMODOFirewallcfp.exe C:Program FilesSynapticsSynTPSynTPEnh.exe C:Program FilesWindows Sidebarsidebar.exe C:Program FilesWindows Media Playerwmpnscfg.exe C:Windowssystem32wbemunsecapp.exe C:Program FilesWindows Sidebarsidebar.exe C:Program FilesMozilla Firefoxfirefox.exe C:Windowssystem32conime.exe C:Program FilesTrend MicroHijackThisHijackThis.exe R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://sv.intl.acer.yahoo.com R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://sv.intl.acer.yahoo.com R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:Program FilesAdobe/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:Program FilesWinamp Toolbarwinamptb.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05binssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:Windowssystem32ActiveToolBand.dll O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll O2 - BHO: (no name) - {9613A000-C0CF-4CEF-B5F7-B5190A939DA1} - C:Windowssystem32opnMebAR.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:Windowssystem32eDStoolbar.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:Program FilesWinamp Toolbarwinamptb.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:Program FilesAdobe/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe O4 - HKLM..Run: [COMODO Firewall Pro] "C:Program FilesCOMODOFirewallcfp.exe" -h O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe O4 - HKCU..Run: [sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOKAL TJÄNST') O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST') O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NÄTVERKSTJÄNST') O4 - HKUSS-1-5-18..RunOnce: [iETI] C:Program FilesSkypePhoneIEPluginunins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM') O4 - HKUS.DEFAULT..RunOnce: [iETI] C:Program FilesSkypePhoneIEPluginunins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user') O8 - Extra context menu item: &Winamp Toolbar Search - C:ProgramDataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html O8 - Extra context menu item: Append to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000 O8 - Extra context menu item: Skicka bild till &Bluetooth-enhet... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm O8 - Extra context menu item: Skicka sida till &Bluetooth-enhet... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm O13 - Gopher Prefix: O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL O20 - AppInit_DLLs: C:Windowssystem32guard32.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Awareaawservice.exe O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:Program FilesCommon FilesAdobeAdobe Version Cue CS3ServerbinVersionCueCS3.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:Windowssystem32Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:Program FilesCOMODOFirewallcmdagent.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:AcerEmpowering TechnologyeDataSecurityeDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:AcerEmpowering TechnologyeLockServiceeLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:AcerEmpowering TechnologyeNeteNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:AcerEmpowering TechnologyeRecoveryeRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:AcerEmpowering TechnologyeSettingsServicecapuserv.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:AcerMobility CenterMobilityService.exe O23 - Service: NMSAccessU - Unknown owner - C:Program FilesCDBurnerXPNMSAccessU.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe O23 - Service: ePower Service (WMIService) - acer - C:AcerEmpowering TechnologyePowerePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:Windowssystem32DRIVERSxaudio.exe -- End of file - 10903 bytes Är mycket tacksam för hjälp, vill om möjligt undvika en ominstallation. Mvh/ Valter ..... Fortsättning: Här är loggen efter en sökning med Malwarebytes: Malwarebytes' Anti-Malware 1.23 Databasversion: 1010 Windows 6.0.6001 Service Pack 1 00:42:53 2008-07-31 mbam-log-7-31-2008 (00-42-53).txt Skanningstyp: Snabb skanning Antal skannade objekt: 40448 Förfluten tid: 4 minute(s), 58 second(s) Infekterade minnesprocesser: 0 Infekterade minnesmoduler: 1 Infekterade registernycklar: 6 Infekterade registervärden: 0 Infekterade registerdataposter: 2 Infekterade mappar: 7 Infekterade filer: 11 Infekterade minnesprocesser: (Inga illasinnade poster hittades) Infekterade minnesmoduler: C:WindowsSystem32opnMebAR.dll (Trojan.Vundo) -> Delete on reboot. Infekterade registernycklar: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9613a000-c0cf-4cef-b5f7-b5190a939da1} (Trojan.Vundo) -> Delete on reboot. HKEY_CLASSES_ROOTCLSID{9613a000-c0cf-4cef-b5f7-b5190a939da1} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINESOFTWAREMicrosoftFCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftRemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREMicrosoftMSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESOFTWAREScreensavers.com (Adware.Comet) -> Quarantined and deleted successfully. Infekterade registervärden: (Inga illasinnade poster hittades) Infekterade registerdataposter: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLSANotification Packages (Trojan.Vundo) -> Data: c:windowssystem32opnmebar -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLSAAuthentication Packages (Trojan.Vundo) -> Data: c:windowssystem32opnmebar -> Delete on reboot. Infekterade mappar: C:Program FilesScreensavers.com (Adware.Comet) -> Quarantined and deleted successfully. C:Program FilesScreensavers.comSSSInst (Adware.Comet) -> Quarantined and deleted successfully. C:Program FilesScreensavers.comSSSInstbin (Adware.Comet) -> Quarantined and deleted successfully. C:Program FilesScreensavers.comSSSInstReady (Adware.Comet) -> Quarantined and deleted successfully. C:Program FilesScreensavers.comSSSInsttemp (Adware.Comet) -> Quarantined and deleted successfully. C:Program FilesScreensavers.comSSSInstUpload (Adware.Comet) -> Quarantined and deleted successfully. C:Program FilesScreensavers.comWallpaper (Adware.Comet) -> Quarantined and deleted successfully. Infekterade filer: C:WindowsSystem32opnMebAR.dll (Trojan.Vundo) -> Delete on reboot. C:WindowsSystem32RAbeMnpo.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:WindowsSystem32RAbeMnpo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully. C:WindowsSystem32efcBrQHy.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WindowsSystem32yHQrBcfe.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:WindowsSystem32yHQrBcfe.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully. C:WindowsSystem32pmnnOEWP.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:WindowsSystem32PWEOnnmp.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:WindowsSystem32PWEOnnmp.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully. C:Program FilesScreensavers.comSSSInstbinSSSUninst.exe (Adware.Comet) -> Quarantined and deleted successfully. C:Program FilesScreensavers.comWallpaperswpstart.exe (Adware.Comet) -> Quarantined and deleted successfully. Edited January 9, 2009 by Malou Tråden/Ämnet är låst:
Guest Malou Posted July 30, 2008 Posted July 30, 2008 Hej valter! Ser att du har en del mystiska filer i systemet som inte hör hemma där. Vi börjar med nedanstående Skriv ut nedanstående eller kopiera det till ett textdokument och spara det till skrivbordet: Läs/Följ instruktionerna noga: Hämta hem Malwarebytes Anti-Malware: http://www.besttechie.net/tools/mbam-setup.exe 1: Spara installationsfilen till skrivbordet 2: För att påbörja installationen dubbelklicka på mbam-setup.exe 3: Bocka för nedanstående Uppdatera Malwarebytes' Anti-Malware Starta Malwarebytes' Anti-Malware 4: Klicka på Slutför Om där finns uppdateringar kommer dessa att installeras. Då ovanstående är gjort gå vidare med nedanstående procedur: 1: När programmet startar så välj Utför snabb scanning 2: Klicka på knappen Scanna 3: Scanningen kommer nu att ta en stund 3: När programmet scannat klart klicka Ok och sedan Visa resultat 4: Bocka för allt och klicka på Remove Selected 5: Då borttagningen är klar kommer en textfil i Anteckningar att öppnas upp med en logg. Kopiera/klistra in den loggan hit till din tråd. 6: Gör en ny TM HJT-logga kopiera in den hit så får vi se hur den ser ut. MVH/Malou
valter Posted July 30, 2008 Author Posted July 30, 2008 Ny sökning efter omstart: Malwarebytes' Anti-Malware 1.23 Databasversion: 1010 Windows 6.0.6001 Service Pack 1 00:58:45 2008-07-31 mbam-log-7-31-2008 (00-58-45).txt Skanningstyp: Snabb skanning Antal skannade objekt: 40388 Förfluten tid: 4 minute(s), 47 second(s) Infekterade minnesprocesser: 0 Infekterade minnesmoduler: 0 Infekterade registernycklar: 0 Infekterade registervärden: 0 Infekterade registerdataposter: 0 Infekterade mappar: 0 Infekterade filer: 0 Infekterade minnesprocesser: (Inga illasinnade poster hittades) Infekterade minnesmoduler: (Inga illasinnade poster hittades) Infekterade registernycklar: (Inga illasinnade poster hittades) Infekterade registervärden: (Inga illasinnade poster hittades) Infekterade registerdataposter: (Inga illasinnade poster hittades) Infekterade mappar: (Inga illasinnade poster hittades) Infekterade filer: (Inga illasinnade poster hittades) ----------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:00:12, on 2008-07-31 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:WindowsExplorer.EXE C:Windowssystem32Dwm.exe C:Windowssystem32taskeng.exe C:Program FilesAlwil SoftwareAvast4ashDisp.exe C:Program FilesLaunch ManagerLManager.exe C:Program FilesCOMODOFirewallcfp.exe C:Program FilesSynapticsSynTPSynTPEnh.exe C:Program FilesWindows Sidebarsidebar.exe C:Program FilesWindows Media Playerwmpnscfg.exe C:Windowssystem32wbemunsecapp.exe C:Program FilesWindows Sidebarsidebar.exe C:Program FilesMozilla Firefoxfirefox.exe C:Program FilesTrend MicroHijackThisHijackThis.exe R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://sv.intl.acer.yahoo.com R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://sv.intl.acer.yahoo.com R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:Program FilesAdobe/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:Program FilesWinamp Toolbarwinamptb.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05binssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:Windowssystem32ActiveToolBand.dll O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:Windowssystem32eDStoolbar.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:Program FilesWinamp Toolbarwinamptb.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:Program FilesAdobe/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe O4 - HKLM..Run: [COMODO Firewall Pro] "C:Program FilesCOMODOFirewallcfp.exe" -h O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe O4 - HKCU..Run: [sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOKAL TJÄNST') O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST') O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NÄTVERKSTJÄNST') O4 - HKUSS-1-5-18..RunOnce: [iETI] C:Program FilesSkypePhoneIEPluginunins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM') O4 - HKUS.DEFAULT..RunOnce: [iETI] C:Program FilesSkypePhoneIEPluginunins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user') O8 - Extra context menu item: &Winamp Toolbar Search - C:ProgramDataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html O8 - Extra context menu item: Append to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000 O8 - Extra context menu item: Skicka bild till &Bluetooth-enhet... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm O8 - Extra context menu item: Skicka sida till &Bluetooth-enhet... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05binssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm O13 - Gopher Prefix: O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL O20 - AppInit_DLLs: C:Windowssystem32guard32.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Awareaawservice.exe O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:Program FilesCommon FilesAdobeAdobe Version Cue CS3ServerbinVersionCueCS3.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:Windowssystem32Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:Program FilesCOMODOFirewallcmdagent.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:AcerEmpowering TechnologyeDataSecurityeDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:AcerEmpowering TechnologyeLockServiceeLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:AcerEmpowering TechnologyeNeteNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:AcerEmpowering TechnologyeRecoveryeRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:AcerEmpowering TechnologyeSettingsServicecapuserv.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:AcerMobility CenterMobilityService.exe O23 - Service: NMSAccessU - Unknown owner - C:Program FilesCDBurnerXPNMSAccessU.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe O23 - Service: ePower Service (WMIService) - acer - C:AcerEmpowering TechnologyePowerePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:Windowssystem32DRIVERSxaudio.exe -- End of file - 10774 bytes
valter Posted July 30, 2008 Author Posted July 30, 2008 Hej Malou! Säger bara en sak, du är min GUD! Efter rensningen med Anti-Malware så funkar datorn bra igen. Det gick att öppna mappar utan avbrott, gick att kolla efter uppdateringar till Windows, etc. Så jag är dig evigt tacksam! Man kan alltså konstatera att CClenear, Ad-Aware och även antivirusprogrammet missade att ta bort vissa filer. Mvh/ Valter
Guest Malou Posted July 31, 2008 Posted July 31, 2008 Hej valter! Varsegod och tack för dina vänliga ord Underbart härligt att höra att datorn mår bättre Man kan alltså konstatera att CClenear, Ad-Aware och även antivirusprogrammet missade att ta bort vissa filer. OBS: CCleaner är inget skyddsprogram. Det är ett städverktyg som städar rent i tempmappar (tar bort temporära filer etc...) samt städar bort gamla rester av registernycklar som blivit kvar då man bla har avinstallerat program etc.... Den tar således inte bort virus/trojaner etc.. på det sättet. Ad-Aware är inte tillförlitligt att använda då den ger F/P (False/Posetive) och sedemera inte hittar/åtgärdar eventuella otyg. Det finns bättre program att använda så som exempelvis Malwarebytes' Anti-Malware/Super Antispyware. Bertäffande antivirusprogram så kan dessa tyvärr inte hitta allt. ***************************************************************** Malwarebytes' Anti-Malware loggan är ren och fin. Mycket bra. Ang din TM HJT-logga: Är det du som har installerat => ShowBarObj C:Windowssystem32ActiveToolBand.dll http://www.castlecops.com/tk32677-ShowBarObj_Class.html Ser att du har en äldre version av Javan installerad (en säkerhetsrisk). Den nyare heter Java Runtime Environment (JRE) 6 Update 7. => Java Runtime Environment (JRE) 6 Update 7 MVH/Malou
valter Posted August 1, 2008 Author Posted August 1, 2008 Har fixat Java uppdateringen, det andra du skriver om vet jag inte riktigt. ActiveToolBand.dll är inte poppis enligt Google, så jag har förhoppningsvis inte installerat det frivilligt. Hur tar jag bort det? Kör jag med Anti-Malware så är den loggan ren och fin. Mvh/ Valter
Guest Malou Posted August 1, 2008 Posted August 1, 2008 Hej Valter! Gör en ny TM HJT-logga så fixar vi denna Toolbar den vägen MVH/Malou
valter Posted August 1, 2008 Author Posted August 1, 2008 OK. Här kommer nya loggen. ---------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:37:07, on 2008-08-01 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:Windowssystem32Dwm.exe C:WindowsExplorer.EXE C:Program FilesAlwil SoftwareAvast4ashDisp.exe C:Program FilesLaunch ManagerLManager.exe C:Program FilesCOMODOFirewallcfp.exe C:Program FilesSynapticsSynTPSynTPEnh.exe C:Program FilesJavajre1.6.0_07binjusched.exe C:Program FilesWindows Sidebarsidebar.exe C:Program FilesWindows Media Playerwmpnscfg.exe C:Windowssystem32taskeng.exe C:Program FilesWindows Sidebarsidebar.exe C:WindowsSystem32mobsync.exe C:Windowssystem32wbemunsecapp.exe C:Program FilesWindows MailWinMail.exe C:Program FilesTrend MicroHijackThisHijackThis.exe R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://sv.intl.acer.yahoo.com R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://sv.intl.acer.yahoo.com R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:Program FilesAdobe/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:Program FilesWinamp Toolbarwinamptb.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:Windowssystem32ActiveToolBand.dll O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:Windowssystem32eDStoolbar.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:Program FilesWinamp Toolbarwinamptb.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:Program FilesAdobe/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe O4 - HKLM..Run: [COMODO Firewall Pro] "C:Program FilesCOMODOFirewallcfp.exe" -h O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe O4 - HKCU..Run: [sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOKAL TJÄNST') O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST') O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NÄTVERKSTJÄNST') O4 - HKUSS-1-5-18..RunOnce: [iETI] C:Program FilesSkypePhoneIEPluginunins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM') O4 - HKUS.DEFAULT..RunOnce: [iETI] C:Program FilesSkypePhoneIEPluginunins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user') O8 - Extra context menu item: &Winamp Toolbar Search - C:ProgramDataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html O8 - Extra context menu item: Append to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000 O8 - Extra context menu item: Skicka bild till &Bluetooth-enhet... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm O8 - Extra context menu item: Skicka sida till &Bluetooth-enhet... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm O13 - Gopher Prefix: O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL O20 - AppInit_DLLs: C:Windowssystem32guard32.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Awareaawservice.exe O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:Program FilesCommon FilesAdobeAdobe Version Cue CS3ServerbinVersionCueCS3.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:Windowssystem32Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:Program FilesCOMODOFirewallcmdagent.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:AcerEmpowering TechnologyeDataSecurityeDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:AcerEmpowering TechnologyeLockServiceeLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:AcerEmpowering TechnologyeNeteNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:AcerEmpowering TechnologyeRecoveryeRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:AcerEmpowering TechnologyeSettingsServicecapuserv.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:AcerMobility CenterMobilityService.exe O23 - Service: NMSAccessU - Unknown owner - C:Program FilesCDBurnerXPNMSAccessU.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe O23 - Service: ePower Service (WMIService) - acer - C:AcerEmpowering TechnologyePowerePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:Windowssystem32DRIVERSxaudio.exe -- End of file - 10764 bytes Kan ej hitta filen genom att gå in i Windows/System32 mappen Mvh/ Valter
Guest Malou Posted August 1, 2008 Posted August 1, 2008 Hej valter! Vi provar med nedanstående Skriv ut nedanstående eller kopiera det till ett textdokument och spara det till skrivbordet: Läs/Följ Instruktionerna mycket noga Öppna TM HJT => klicka på Do a system scan only-knappen => Bocka för nedanstående detaljer => Stäng ner Webbläsaren => klicka på Fix Checked-knappen: R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:Windowssystem32ActiveToolBand.dll Då du gjort ovanstående: Starta om datorn till felsäkert läge (tryck F8-Tangenten upprepade gånger under uppstarten och välj felsäkert läge): För att hitta det du nu skall leta upp gör nedanstående: Ställ in Utforskaren så du kan se alla filer: 1: I verktygsfältet klicka på => Verktyg => Mappalternativ 2: Välj fliken => Visning sätt en bock i => Visa dolda filer och mappar 3: Avbocka Dölj filnamnstillägg för kända filtyper 4: Avbocka Dölj skyddade operativsystemfiler Sök/Leta reda på: Navigera dig fram enligt nedanstående sökväg och deleta filen C:Windowssystem32ActiveToolBand.dll<=Deleta filen om den hittas: Vidare: Fortfarande felsäkert läge: Gå till Start => Kör => Skriv sen i Kör fältet cleanmgr => Klicka Ok-knappen Bocka i de här nedanstående och putsa bort dom Temporary Files Temporary Internet Files Recycle Bin Nu: Starta om datorn till normalläge igen: 1: Uppdatera Malwarebytes' Anti-Malware 2: Gör en ny scanning med Malwarebytes' Anti-Malware. 3: Kopiera in loggan du får fram från Malwarebytes' 4: Gör en ny TM HJT-logga kopiera in den hit så får vi se hur det ser ut. 5: Berätta/Tala om hur datorn mår och om där kvarstår problem. MVH/Malou
valter Posted August 1, 2008 Author Posted August 1, 2008 Hej igen! Här kommer de olika loggarna: --------------------------------------------------------------------------------- Malwarebytes' Anti-Malware 1.24 Databasversion: 1015 Windows 6.0.6001 Service Pack 1 00:40:02 2008-08-02 mbam-log-8-2-2008 (00-40-02).txt Skanningstyp: Snabb skanning Antal skannade objekt: 40533 Förfluten tid: 4 minute(s), 41 second(s) Infekterade minnesprocesser: 0 Infekterade minnesmoduler: 0 Infekterade registernycklar: 0 Infekterade registervärden: 0 Infekterade registerdataposter: 0 Infekterade mappar: 0 Infekterade filer: 0 Infekterade minnesprocesser: (Inga illasinnade poster hittades) Infekterade minnesmoduler: (Inga illasinnade poster hittades) Infekterade registernycklar: (Inga illasinnade poster hittades) Infekterade registervärden: (Inga illasinnade poster hittades) Infekterade registerdataposter: (Inga illasinnade poster hittades) Infekterade mappar: (Inga illasinnade poster hittades) Infekterade filer: (Inga illasinnade poster hittades) -------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:42:57, on 2008-08-02 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:Windowssystem32Dwm.exe C:WindowsExplorer.EXE C:Windowssystem32taskeng.exe C:Program FilesAlwil SoftwareAvast4ashDisp.exe C:Program FilesLaunch ManagerLManager.exe C:Program FilesCOMODOFirewallcfp.exe C:Program FilesSynapticsSynTPSynTPEnh.exe C:Program FilesWindows Sidebarsidebar.exe C:Program FilesWindows Sidebarsidebar.exe C:Windowssystem32wbemunsecapp.exe C:Program FilesWindows Media Playerwmpnscfg.exe C:Program FilesMalwarebytes' Anti-Malwarembam.exe C:Windowssystem32NOTEPAD.EXE C:Program FilesMozilla Firefoxfirefox.exe C:Program FilesTrend MicroHijackThisHijackThis.exe R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = about:blank R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://sv.intl.acer.yahoo.com R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://sv.intl.acer.yahoo.com R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch = R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/def...://uk.yahoo.com R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:Program FilesAdobe/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:Program FilesWinamp Toolbarwinamptb.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:Windowssystem32eDStoolbar.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:Program FilesWinamp Toolbarwinamptb.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:Program FilesAdobe/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide O4 - HKLM..Run: [LManager] C:PROGRA~1LAUNCH~1LManager.exe O4 - HKLM..Run: [COMODO Firewall Pro] "C:Program FilesCOMODOFirewallcfp.exe" -h O4 - HKLM..Run: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe O4 - HKCU..Run: [sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOKAL TJÄNST') O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJÄNST') O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NÄTVERKSTJÄNST') O4 - HKUSS-1-5-18..RunOnce: [iETI] C:Program FilesSkypePhoneIEPluginunins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM') O4 - HKUS.DEFAULT..RunOnce: [iETI] C:Program FilesSkypePhoneIEPluginunins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user') O8 - Extra context menu item: &Winamp Toolbar Search - C:ProgramDataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html O8 - Extra context menu item: Append to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000 O8 - Extra context menu item: Skicka bild till &Bluetooth-enhet... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm O8 - Extra context menu item: Skicka sida till &Bluetooth-enhet... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:PROGRA~1JavaJRE16~1.0_0binssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL O20 - AppInit_DLLs: C:Windowssystem32guard32.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:Program FilesLavasoftAd-Awareaawservice.exe O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:Program FilesCommon FilesAdobeAdobe Version Cue CS3ServerbinVersionCueCS3.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:Windowssystem32Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:Program FilesCOMODOFirewallcmdagent.exe O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:AcerEmpowering TechnologyeDataSecurityeDSService.exe O23 - Service: eLock Service (eLockService) - Acer Inc. - C:AcerEmpowering TechnologyeLockServiceeLockServ.exe O23 - Service: eNet Service - Acer Inc. - C:AcerEmpowering TechnologyeNeteNet Service.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:AcerEmpowering TechnologyeRecoveryeRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:AcerEmpowering TechnologyeSettingsServicecapuserv.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe O23 - Service: MobilityService - Unknown owner - C:AcerMobility CenterMobilityService.exe O23 - Service: NMSAccessU - Unknown owner - C:Program FilesCDBurnerXPNMSAccessU.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe O23 - Service: ePower Service (WMIService) - acer - C:AcerEmpowering TechnologyePowerePowerSvc.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:Windowssystem32DRIVERSxaudio.exe -- End of file - 10435 bytes --------------------------------------------------------------------------- Filen gick ej att hitta i felsäkert läge under Windowsmappen. Och datorn tycks må alldeles prima för tillfället! Tusen tack igen! Mvh/ Valter
Guest Malou Posted August 1, 2008 Posted August 1, 2008 Hej valter! Varsegod och tack själv för att vi fick hjälpa Filen gick ej att hitta i felsäkert läge under Windowsmappen. Och datorn tycks må alldeles prima för tillfället! Helt ok om den inte hittades. Brukar ta med den proceduren för att säkerställa att den är borta Underbart härligt att höra att datorn mår bra! Malwarebytes' Anti-Malware loggan är ren och fin som den skall vara. Mycket bra TM HJT-loggan ser ren och fin ut även den. Kan inte hitta några otrevligheter eller andra konstigheter i den längre. Du har gjort ett mycket bra jobb Gå till kontrollpanelen lägg till/ta bort och kontrollera så du inte har några äldre Javaversioner installerade. Om du har så aviinstallera dessa. Den nyare heter Java Runtime Environment (JRE) 6 Update 7 och den skall du behålla Här kommer de sedvanliga råden och tipsen: Hämta hem/installera alla säkerhetsuppdateringar/patchar m.m. Hämta hem/installera SP1/SP3 för det Operativsystem som används (Windows XP/Windows Vista). Allt hittas på nedanstående sida där det även finns Lite Tips & Råd för en säkrare dator: =>Lite Tips & Råd för en säkrare dator: MVH/Malou
valter Posted August 2, 2008 Author Posted August 2, 2008 Hej! Alla tidigare varianter av Java har tagits bort manuellt vid installation av den senaste. Kör med SP1 på denna Vista Ultimate dator, och SP3 på min stationära med XP. Problemen började för ett par veckor sedan, när jag försökte låsa upp GPS kartan i datorn. Jag testade säkert två dygn utan framgång, trotts att kartan är en original Garmin DVD, som Garmin skickat till mig. När jag tröttnade så sökte jag efter en "key-generator" på nätet.... resten är historia. Men tack vare dina enastående kunskaper och tålamod, så mår min dator (och jag själv för den delen) mycket bättre. Tusen tack! Mvh/ Valter
Guest Malou Posted August 2, 2008 Posted August 2, 2008 Hej Valter! Varsegod och tack själv för att vi fick hjälpa samt för dina vänliga ord Underbart härligt att höra att både du och din dator mår bra När jag tröttnade så sökte jag efter en "key-generator" på nätet.... resten är historia. Inte helt omöjligt att denna har dragit med sig otyg in i datorn. Alla tidigare varianter av Java har tagits bort manuellt vid installation av den senaste. Kör med SP1 på denna Vista Ultimate dator, och SP3 på min stationära med XP. Mycket bra att du avinstallerat äldre versioner av Javan Att du har SP1 installerat i din Vista ser jag men tar alltid med allt för att inget skall missas Ha det så bra och var rädd om datorn! MVH/Malou
Recommended Posts